Install FIPS images

To install the FIPS-compliant build of Service Mesh Manager, complete the following steps.

  1. Download the following YAML file. It contains the list of FIPS-compliant images the installer should use.

    apiVersion: servicemesh.cisco.com/v1alpha1
    kind: IstioControlPlane
    metadata:
      name: cp-v115x
    spec:
      version: 1.15.3
      mode: ACTIVE
      istiod:
        deployment:
          image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-pilot:v1.15.3-bzc.0-fips
      proxy:
        image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-proxyv2:v1.15.3-bzc.0-fips
      proxyInit:
        cni:
          daemonset:
            image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-install-cni:v1.15.3-bzc.0-fips
        image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-proxyv2:v1.15.3-bzc.0-fips
      sidecarInjector:
        deployment:
          image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-sidecar-injector:v1.15.3-bzc.0-fips
    
  2. Follow any of the regular installation guides (for example, Create single cluster mesh or Create multi-cluster mesh), but use the following customized YAML file with the initial installation command to use the FIPS-compliant versions of the images. For example, for a non-interactive single-cluster installation, run:

    smm install  -a --cluster-name <name-of-your-cluster> --istio-cr-file istio-fips.yaml